The James Bond 007 url shortener: This Link Will Self Destruct

This Link Will Self Destruct (TLWSD) is a free public temporary URL service. Our mission is to provide the internet with a fast, friendly, private, and secure means to exchange hyperlinks without leaving a digital paper trail.

 

First, you need to have a URL you want to distribute to a limited number of end users. (For example, a Cryptocat chatroom.) Then head over to the TLWDS homepage and provide your hyperlink. Fill in the number of times you wish this link to be usable before it expires (a link's "life"). Select the level of security you want, then press the "Create Link" and you will receive an SDH — a Self-Destroying Hyperlink.

Security Levels:

• Compact: Short URL. Ideal for sending over SMS and Twitter. Password recommended.
• Medium: Standard level of brute-force resistance to your Self-Destroying Hyperlinks.
• Secure: Long URL. Nearly impervious to brute-force attacks.

When someone accesses your SDH, the server will take 1 point away from the life of the hyperlink. When its life reaches 0, the file containing the hyperlink information will be shredded (learn more) from our server.

(Optional): You may also supply a password to your SDH. When users load the SDH in their web browser, they will be asked for the same password before they can continue to the destination URL. Supplying a password encrypts your destination URL.

The use of this service does not guarantee privacy. It is always best to assume that any information sent can and will be intercepted. Any data sent to the server can be seen by the server, even if it isn't stored by design. This includes information such as your IP address, so it is highly recommended that you access our service through Tor.

This page was written for the technically-minded internet user who is curious about the reliability of this service.

At a glance, TLWSD's service consists of the following:

• Pseudo-randomly generated self-destroying hyperlinks
• AES encryption for password-protected destination URLs

When a user decides to generate a self-destroying hyperlink, the following operations take place depending on the level of security desired:

• Compact — 16 pseudorandom bytes (128 bits) are fed into an SHA1 hash, which is truncated.
• Medium — 20 pseudorandom bytes (160 bits) are fed into an SHA1 hash, which is truncated.
• Secure — 20 pseudorandom bytes (160 bits) plus another 20 random bytes (160 bits) are fed into an HMAC-SHA1 hash, which is NOT truncated.

The end result is a base-36 number preceded by the letter "u". For example, if you generate 1w8a2, then the URL you are provided is https://tlwsd.in/u1w8a2.

If a user supplies a password when creating their self-destroying hyperlink, the following operations take place:

1. The SHA-512 hash is taken of the password.
2. The hash generated in step 1 is split in half. The first half is stored for hash-comparison. The second half is used as the encryption key.
3. The SHA-256 hash is taken of the password.
4. The password is encrypted with AES-256-CBC (IV = SHA256(password))

My reasoning for this is as follows: Since the SHA-512 hash is split in half, you end up with two 256-bit values that resulted from the same input but do not reveal the other's value. Combine this with a third 256-bit value (to use for an Initialization Vector) from the same input, and it becomes to possible to store a hash of the password while still having two more-or-less independent values for the key and IV for AES-256-CBC encryption.

Even if I were a malicious user, having SHA-512-Left does not give me SHA-512-Right, nor SHA-256 and especially not AES-256-CBC.

The information about each link is stored in a file on the server that looks like this:

Line 1 is the number of times this link can be used again.
Line 2 is the stored hash of the user-supplied password.
Line 3 is the AES-encrypted URL.

When a self-destroying link's lifetime reaches 0, it is immediately securely deleted from the server. Secure deletion, meaning a seven-pass overwrite (0xF6, 0x00, 0xFF, random bytes, 0x00, 0xFF, and more random bytes) before being deleted to ensure the information is completely scrambled and unrecoverable.